Merge branch 'ticket/rxu/10035' into develop-olympus

* ticket/rxu/10035: [ticket/10035] ACP template edit feature allows to read any files on webserver.
2025-01-18 06:38:43 +01:00 · 2011-03-10 05:22:37 -05:00 · 2011-03-10 05:22:37 -05:00 · aa8f4000d3
commit aa8f4000d3
parent c78637da1a 9a9b156a8e
1 changed files with 1 additions and 1 deletions
--- a/phpBB/includes/acp/acp_styles.php
+++ b/phpBB/includes/acp/acp_styles.php
@ -716,7 +716,7 @@ parse_css_file = {PARSE_CSS_FILE}
 		$save_changes	= (isset($_POST['save'])) ? true : false;

 		// make sure template_file path doesn't go upwards
-		$template_file = str_replace('..', '.', $template_file);
+		$template_file = preg_replace('#\.{2,}#', '.', $template_file);

 		// Retrieve some information about the template
 		$sql = 'SELECT template_storedb, template_path, template_name